ABSTRACT



A service methodology based on distribution of secured 
content, such as, movies, music, games, information and the 
like, whereby revenue may be generated for premier and 
pay-per-use access to the secured content. The service is 
manifested by the combination of a video disk reader, 
controller and authorization center. A service provider, for 
instance, locks up a movie on a video disk for which a 
premier event viewing date and time may be defined and 
which the provider may then directly distribute, in advance 
of the premier event, to potential consumers. Each consumer 
may purchase the right to view the movie once for a certain 
fee, for example $5.00, through online access from the 
controller to the authorization center, but the single viewing 
will only be allowed by the controller on or after the premier 
event. Thereafter, the consumer pays for viewing of the 
movie on a pay-per-use basis or over a defined window of 
time, perhaps for reduced fee, such as $1.00. Moreover, the 
online authorization process makes it possible to track 
consumer preferences at the authorization center, and as an 
alternative to the online payment processing, smart cards 
may be utilized for such. 

37 Claims, 3 Drawing Sheets 




[Front-page drawing; legible labels: PSTN 18; 12; authorization center 16; server 60; master clock 61; database; 64]

03/05/2003, EAST version: 1.03.0002 



U.S. Patent    Jan. 5, 1999    Sheet 1 of 3    5,857,020







[FIG. 3: block diagram; legible labels: medium reader; medium carrying ID, premier date & time, cost, time limit, usage limit, cost, expiration, non-secured data and secured data; controller with memory (decryption key, algorithm, buffer) and processor; card reader/writer; card holding decryption key, authorized list, prepaid funds and TOD clock]


TIMED AVAILABILITY OF SECURED CONTENT PROVISIONED ON A STORAGE
MEDIUM

BACKGROUND OF THE INVENTION

The present invention relates, generally, to distribution of
secured prerecorded content and, in particular, to a method
and an apparatus for enabling access, dependent upon timed
availability, to the secured content provisioned on a storage
medium.

It is known to distribute in bulk (i.e., mass distribution)
software packages. Such packages generally comprise a
software application in encrypted format on a CD-ROM
which is distributed in advance to potential consumers who
would either have none or limited use of the software
application. Each consumer desiring full use or access
thereto typically is required to place a voice call to a 1-800
number and purchase, via credit card, from the distributor a
password (decryption) key that is capable of unlocking the
encrypted software. A decryption utility which is supplied
with the package and executed by the consumer on a
personal computer prompts for the key, responsive to which
the consumer enters the key and subsequently is allowed to
copy the software application onto a disk. Alternatively, the
software package may execute functionality to invoke an
online connection, when the computer includes a modem,
with an automated authorization center from which the key
may be downloaded to the computer.

The above distribution technique is limited in its ability to
generate revenue from the software package, specifically, to
receipt of a single payment for unrestricted use of the
software application.

In U.S. Pat. Nos. 4,827,508 to Shear and 5,010,571 to
Katznelson, systems for metering access to encrypted data in
the form of a database provisioned on a CD-ROM are
disclosed. Briefly, in Shear or Katznelson, a CD-ROM
containing an encrypted database of interest to a user is
distributed typically at nominal cost or at no cost. The user
terminal includes a CD-ROM reader, and a remote
cryptographic control unit which is provided with stored
cryptographic keys needed to access the database. The amount
of actual data use, i.e. the retrieval and decryption of data
from the CD-ROM, is metered locally and recorded as a
stored data usage record. The charge for data access may be
either in accordance with the amount of data decrypted, or
in accordance with price information recorded in the
respective data headers of each individual data packet.

The local stored data usage record is reported by
telephone modem from the remote user terminal to a
cryptographic operations center. Each remote cryptographic
control unit has a stored user secret key, unique to that user
terminal. Communication between the user terminal and the
cryptographic operations center is protected by encryption
under the user secret key, which is stored in a secure memory
in the cryptographic control unit. The user secret key for
each user is also stored in the cryptographic operations
center. When a remote user terminal calls in and identifies
itself, the cryptographic operations center looks up the
corresponding user secret cryptographic user key, which is
then used to secure the subsequent communication data
exchange between the remote user terminal and the
cryptographic operations center. Also stored in the cryptographic
operations center are the various cryptographic keys
corresponding to the available CD-ROM database titles. The user
secret key is also used to secure the delivery of secret
database keys from the cryptographic operations center to
the user terminal for a desired CD-ROM database. After the
data usage report is successfully uploaded to the
cryptographic operations center, the user is then billed for the
actual database usage based on the content of the uploaded
data usage report. Thus, rather than being required to
purchase [illegible] CD-ROM database, the user pays only for
[illegible] decrypted from the CD-ROM.

It is, therefore, apparent that more flexible and alternative
capabilities to unlock secured prerecorded content whereby
[illegible] generation from distribution thereof is expanded are
[illegible] or Katznelson provide such capabilities on
the basis of measuring actual use of the content. Capabilities
[illegible] availability to the secured content is a further
alternative.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a new
and improved method and apparatus for enabling access,
dependent upon timed availability, to secured content
provisioned on a storage medium.

The invention, therefore, according to a first exemplary
aspect provides a method of controlling access by a user to
a data content of a storage medium, the data being
encrypted, comprising the steps of: defining a start point in
time prior to which decryption of the encrypted data is
inhibited; measuring time; and enabling, responsive to the
measured time effectively reaching the start point, the
decryption of the encrypted data whereby the user has access
to data.

In accordance with a second exemplary aspect, the
invention provides a method for controlling decryption of
encrypted data, comprising the steps of: defining a start point
in time prior to which decryption of the encrypted data is
inhibited; measuring time; and enabling the decryption of
the encrypted data on and after the measured time effectively
reaches the start point.

In accordance with a third exemplary aspect, the
invention provides an apparatus for controlling access by a user
to content of a storage medium, the content including
encrypted data and the medium being readable by a
corresponding medium reader from which the apparatus is
adapted to receive the content, comprising: means for
defining a start point in time prior to which decryption of the
encrypted data is inhibited; means for measuring time; and
means for enabling, responsive to the time clock effectively
reaching the start point, the decryption of the encrypted data
whereby the user has access to the data.

A particular embodiment includes a local secure
authorization clock which is set and controlled by an authorization
center having a master clock. The local clock is secure in
that its setting may not be altered by the consumer.

The invention manifests a novel service methodology
based on distribution of secured content, such as, movies,
music, games, information and the like, whereby revenue
may be generated for premier and pay-per-use access to the
secured content. A service provider, for instance, locks up a
movie on a video disk for which a premier event viewing
date and time may be defined and which the provider may
then directly distribute, in advance of the premier event, to
potential consumers. Each consumer may purchase the right
to view the movie once for a certain fee, for example $5.00,
through online access to an authorization center, but the
single viewing will only be allowed on or after the premier
event time. Thereafter, the consumer pays for viewing of the
movie either on a pay-per-use basis or over a defined
window of time, and perhaps for reduced fee such as $1.00.
Moreover, the online authorization process makes it possible 
to track consumer preferences. As an alternative to the 
online payment processing, smart cards may be utilized for 
such. 

This service creates premier events at a set date and time 
as well as for subsequent pay-per-view enjoyment of pre- 
recorded movies, music, information, communications, and 
other electronic entertainment. The service may employ 
online capabilities to create new distribution options for 
digital video disk (DVD), CD-ROM, CD, multimedia games 
and other electronic media. Also, the service authorizes, 
controls, tracks and creates new billing options for premier 
events and pay-per-view from the prerecorded content.

A particular system for carrying out the service may 
include a non-alterable, non-volatile read only control data 
recorded on the DVD, CD-ROM, CD, game cartridges and 
other electronic media. The control data may provide a 
content description, start, expiration and other option control 
marks. The control marks identify the contents and allow 
synchronization of event start and expiration times, and 
billing options. A master clock is controlled by an authori- 
zation center. A secure authorization clock, set and con- 
trolled by the authorization center, is coupled to the con- 
sumer's DVD player, PC, CD player, game machine, 
external modem controller, smart card or PC card. The 
authorization clock is password protected and not alterable 
by the consumer. An online authorization process may be 
implemented which utilizes an authorization window, 
passwords, and the master and secure authorization clocks to 
set the start time for the premier event, and also set an
expiration date/time if desired. 

Furthermore, the service creates many distribution and 
billing options. For example, in advance of viewing premier, 
a movie could be distributed on a DVD disk via courier, 
authorized at a convenient time for the consumer during the
authorization window in advance of the premier event but 
not viewed until the date and time of the regional, national 
or world premier event. Another example, a music video or 
multimedia game could be distributed on CD or CD-ROM 
in advance for a world premier on the event date with the 
option of live online interaction. Additional post premier 
event viewing could be authorized, tracked and billed via a 
number of commercial options. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will be better understood from the follow- 
ing description in conjunction with reference to the accom- 
panying drawings, in which: 

FIG. 1 is a block diagram representation of a first embodi- 
ment of an apparatus for unlocking, dependent upon timed 
availability, a secured content provisioned on a storage 
medium; 

FIG. 2 is a time line chart exemplifying the methodology, 
in accordance with the invention, for timed availability of 
the secured content; and 

FIG. 3 is a block diagram of another embodiment of the 
apparatus to unlock the secured content. 

DETAILED DESCRIPTION 

Referring to FIG. 1, depicted for illustration of the present 
invention is a storage medium 10 and corresponding 
medium reader 12 which is coupled to a controller 14. 
Located remotely from the controller 14 is an authorization 
center 16 to which the controller 14 may establish a
communication connection, for example, via a public switched
telephone network (PSTN) 18 or other communications link. 
The storage medium 10 may be provisioned with a data 
content which is secured such that the data may not be 
readily accessed or used without prior authorization. The 
reader 12 is adapted to receive the storage medium 10, the 
data content from which it retrieves and provides to the 
controller 14 which in turn functions to unlock the secured 
data. Unlocking is enabled when the controller 14 is autho- 
rized to do so by the authorization center 16 and associated 
with the authorization may be a time period only during 
which the unlocking is effected. The unlocked data from the 
controller 14 may be passed back to the medium reader 12 
for further processing, if required, and then accessed at 
output 20 for utilization by a further device (not shown). As
the storage medium 10 contains a secured data content, it 
may be first distributed in bulk to potential consumers each 
of whom must subsequently receive authorization in order to 
access the secured content. 

Now having regard to FIGS. 1 and 2 together, illustrated 
in FIG. 2 is a time line chart to exemplify various timed 
availability schemes, in accordance with the present 
invention, that are implemented by the apparatus of FIG. 1. 
One such scheme is to not allow access to the secured 
contents of the storage medium 10, having been distributed 
in advance, until a predetermined date and time. This 
scheme is otherwise referred to herein as a "premier event" 
type availability of the secured contents. For instance, a 
consumer may receive the storage medium 10 at time T0
after which there exists a time window W0 within which the
consumer may, via the controller 14 and PSTN 18 in this 
particular embodiment, communicate with the authorization 
center 16 to request and subsequently receive authorization 
to access the contents of the storage medium 10. This 
process of requesting and receiving authorization is
represented by the arrow at time T1. Authorization normally is
granted on receiving payment from the consumer, in this 
case, for the requested premier event usage. The controller 
14, however, will not enable access to the secured content 
until the date and time, represented by T2, which is associ- 
ated with the premier event. Following time T2, a second 
timed availability scheme is exemplified wherein the con- 
sumer requests authorization from the center 16 and receives 
same in return for payment at time T3, whereby another time 
window W1 is initiated. The payment for authorization at T3
may be less than that for the premier event made at T1.
During window W1, the consumer may be allowed unlimited
use of the content on the storage medium 10, as
represented by times T4 and T5. This authorization is
terminated following expiry of window W1 and thereafter is
another window W2 which is initiated by the consumer 
requesting and receiving authorization at T6, in order to 
again access the secured content, at T7. A further scheme is 
to vary the lengths of successive windows, for instance, 
from one week, to one month and possibly indefinitely. 
Moreover, only a single use of the content may be allowed 
which use must occur within the authorized window. It is 
also possible to implement a combination of the above timed 
availability schemes, such as, defining a first window during 
which only single usage is authorized and thereafter defining 
a succession of windows which begin with a specified 
number of allowed uses and gradually increase the allowed
number over consecutive windows to eventually allow 
unlimited access. A yet further variant is to provide an 
absolute expiration date, indicated at time T8, after which it 
will not be possible to access the secured content thereby 
effectively removing or withdrawing it from the commercial 
market. Although the consumer will still have possession of
the actual storage medium, on and after time T8 unlocking
of the secured content will not be authorized.

Turning back to FIG. 1 only, the storage medium 10 and
its data content are intended to be representative of
conventional electronic media and content, for example, a compact
disk (CD) encoded with a musical data content, a CD-ROM
holding computer usable data, a cartridge having video
game data, and the like. The preferred storage medium 10 is
a digital video disk (DVD) which is capable of holding
approximately two movie hours or five gigabytes of data on
each side thereof. Moreover, the DVD standard serves as
video, CD-ROM, CD and data distribution and consequently
a single DVD reader may be utilized in various applications.

The data content, visually represented by reference 22, of
the storage medium 10 may include an identifier 24 and
non-secured data 26 in addition to secured data 28. The
identifier 24 is, for example, a serial number that may be
utilized in the authorization process to identify the particular
secured data 28 to which access is desired. The non-secured
data 24 constitutes a free sampling of the secured data 28
as it may be readily accessed, without authorization, by a
potential consumer and is provided as a means for enticing
the consumer to pay for access to the secured data content.

Locking and unlocking of the secured data 28 content
may be effected through a combination of symmetric key
cryptography and public key cryptography techniques which
are compliant with the United States data encryption
standard (DES). A characteristic of symmetric cryptography is
that the same key, K, is utilized in both the encipherment and
decipherment of data. The public key cryptography is
applied to encrypt key K uniquely for a specific consumer
under a public key associated with that consumer. A
preferred embodiment of the secured data 28 consists of a
plurality of contiguous blocks 30, labeled B_1, B_2, B_3, etc.,
each containing data encrypted by respective keys K_1, K_2,
K_3, etc. The secured data 28 is arranged on the storage
medium 10 and the reader 12 operated such that consecutive
blocks 30 may be retrieved sequentially by the reader 12.
The application of combined symmetric key and public key
cryptography to the present invention is described in more
detail below.

The controller 14 comprises a processor 32 operating in
conjunction with a memory 34, keypad 36, display 38,
modem 40 and a combination of a secure card 42 with a
corresponding card reader/writer 44. The processor 32
functions, under the control of software stored in the
memory 34, to receive data from the medium reader 12 and
appropriately process the received data in order to unlock
the secured (i.e., encrypted) data 28, subject to authorized
and timed access, which data may then be provided via the
reader 12 at output 20. The memory 34 includes a data block
(B_i) buffer 46, a block decryption key (K_i) buffer 48 and a
decryption algorithm 50. The B_i buffer 46 stores individual
encrypted data blocks 30 of the secured data 28 for the
decryption process. The K_i buffer 48 stores a respective
symmetric key which corresponds to a particular data block
30 in the B_i buffer 46 and is applied with algorithm 50 by
processor 32 to decrypt (i.e., unlock) that encrypted data
block. The keypad 36 and the display 38 constitute means by
which a user may interact with the controller 14, and the
modem 40 provides an interface to the PSTN 18 whereby the
processor 32 may communicate with the authorization cen-

The secure card 42 and reader/writer 44 are conventional
devices. Smart cards and PCMCIA cards are examples of the
secure card 42 which typically contain a processor, clock
circuit and non-volatile memory. Furthermore, smart cards
and PCMCIA cards are known to be equipped with security
[illegible] to prevent access to and tampering with data in its
memory. The card reader/writer 44 is adapted to removably
[illegible] processor 32 to
communicate therewith.

particular embodiment of the controller 14, the
[illegible] programmed to provide a time of day
(TOD) clock 52, a consumer identifier 54, a private key 55,
[illegible] authorization records and a block decryption key
(K_i) generator 58. The TOD clock 52 represents means for
measuring time and is a well known capability consisting of
a [illegible] clock and a date calendar, the settings for which may
be password protected and either set online by the
authorization center 16 or preset prior to issuance of the card 40 if
it includes a battery cell whereby the clock circuit is
constantly powered. Hence, the TOD clock 52 may not be
altered by the consumer thereby ensuring compliance with
the timed availability conditions for the secured content 28.
The consumer identifier 54 is effectively an account number
by which a particular consumer is known at the
authorization center 16. The private key 54 may be an RSA (i.e.,
Rivest-Shamir and Adleman) key that is uniquely associated
with the consumer and corresponds to a public key held at
authorization center 16, but the private key 54 is not
[illegible] authorization center 16. The list of
authorization records 56 contains a separate record for each secured
[illegible] already been authorized by the
authorization center 16. Each authorization record contains:
the identifier 24 of the secured content 28 on storage
medium 10; a start date and time at which access thereto
may be enabled; an expiration date and time after which
authorization lapses or is no longer in effect; a limit for
usage; and a key K on which securing of the data content 28
[illegible] start and expiration dates and times define
the window or period of timed availability during which
access to the secured content 28 may be enabled. The usage
limit defines the number of accesses to the secured content
[illegible] be made during the window and typically is either
unlimited

generator 56 functions to generate a block
decryption [illegible] needed to decrypt the particular data block
30 stored in the B_i buffer 50. Generation of the block
decryption key K_i is effected for each data block 30,
represented by B_i, and is based on a proprietary algorithm
which accepts as input the key K retrieved from the
authorization record for that secured content 28 and another value
uniquely associated with that data block 30, such as, an
indication of its position in the sequence for the contiguous
data blocks 30. For example, denotes the initial or first
block 30 of secured data 28 and its corresponding decryption
key is derived by the K_i generator 56 based on key K and
a sequence indicator value of 1. The sequence indicator may
be encoded into each data block 30 or generated by the
controller 14 which has an intimate knowledge of the
physical arrangement of the storage medium 10 and the
partitioning for its secured content 28. The use of a plurality
of keys K_i, derivable from a single key K, to encrypt and
decrypt corresponding blocks B_i of secured content provides
an extra layer of security from potential attackers. As the key
K_i for decrypting the content changes frequently (K_1, K_2,
K_3, etc.) during the decryption process, if the attackers are
not able to compromise the security features of the secure
card 42 to extract key K and the algorithm for generator
58 therefrom then it would be necessary to convey the entire
sequence of K_i keys to others in order to gain unauthorized
access to the secured content 28. For example, if a new 8
byte key is supplied every millisecond over the course of a 
two hour movie, there is a total 55 Mbytes of keys that must 
be provided to the unauthorized others. 
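
The per-block key scheme described above can be sketched as follows. This is an added example, not code from the patent: the patent's K_i generator is proprietary, so HMAC-SHA256 truncated to 8 bytes stands in for it, a SHA-256 counter keystream stands in for the DES block cipher, and all function names and sample data are assumptions.

```python
import hashlib
import hmac

KEY_LEN = 8  # bytes per block key, matching the 8-byte key in the text


def derive_block_key(master_key: bytes, seq: int) -> bytes:
    """K_i from master key K and sequence indicator i (starting at 1).

    Assumption: HMAC-SHA256 replaces the patent's proprietary generator.
    """
    if seq < 1:
        raise ValueError("sequence indicator starts at 1")
    mac = hmac.new(master_key, seq.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:KEY_LEN]


def _keystream(block_key: bytes, length: int) -> bytes:
    """Expand one block key into `length` keystream bytes (stand-in cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(block_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def crypt_block(block_key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    stream = _keystream(block_key, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def lock_content(master_key: bytes, blocks: list) -> list:
    """Provider side: encrypt block B_i under its own key K_i."""
    return [
        crypt_block(derive_block_key(master_key, i), block)
        for i, block in enumerate(blocks, start=1)
    ]


def unlock_content(master_key: bytes, locked: list) -> list:
    """Controller side: regenerate K_1, K_2, ... in sequence and decrypt."""
    return [
        crypt_block(derive_block_key(master_key, i), block)
        for i, block in enumerate(locked, start=1)
    ]


def key_material_bytes(duration_s: int, keys_per_second: int,
                       key_len: int = KEY_LEN) -> int:
    """Volume of K_i values someone without K would have to pass along."""
    return duration_s * keys_per_second * key_len


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    master = b"constructed-master-key-K"
    blocks = [b"frame-0001", b"frame-0002", b"frame-0003"]
    locked = lock_content(master, blocks)
    print(unlock_content(master, locked) == blocks)
    # A single leaked K_1 does not open block 2.
    print(crypt_block(derive_block_key(master, 1), locked[1]) == blocks[1])
    # One 8-byte key per millisecond over a two hour movie.
    total = key_material_bytes(2 * 3600, 1000)
    print(total, round(total / 2**20))
```

The last figure reproduces the text's estimate: 57,600,000 bytes is about 55 Mbytes when a megabyte is counted as 2^20 bytes.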

The authorization center 16 is embodied by an online 
computer server 60, a database 62 and a workstation 64. The 
server 60 functions to automatically accept incoming calls, 
process authorization requests and grant authorization where 
appropriate, and may provide a master clock 61 based on 
which the TOD clock 52 of the controller 14 may be set and 
controlled. It maintains in the database 62 a list of identifiers 
which correspond to the identifiers 24 of any secured content 
28 that may have been distributed. Associated with each 
identifier is a control record defining availability conditions 
for the particular secured content 28. The control record may
include the key K from which the sequence of decrypting
keys K_i needed for decryption of the secured content 28 are
derived, premier date and time values, and a window defi- 
nition having parameters for specifying: a time limit (i.e., 
number of days and/or hours) for which granted authoriza- 
tion is to be effective; a usage limit indicating whether a 
specific number, such as one, or unlimited use is authorized
over the specified number of days; and a cost for the usage. 
Alternatively, a plurality of window definitions which are 
applicable over respective chronological time periods may 
be employed in order to alter the parameters, such as cost 
and usage limit, over time. Furthermore, the control record 
may include an absolute expiration date, after which autho- 
rized use of the secure content 28 will no longer be granted. 

The server 60 also maintains in the database 62 a directory 
of identifiers for consumers and corresponding account 
records. Each consumer account record contains a public 
key associated with the consumer, and an amount of prepaid 
funds or credit limit available in the account. The
workstation 64, operated by an attendant, interacts with the server 60
to provide manual assistance when needed for processing of 
an incoming call, to update certain records in the database 
64, and it captures consumer identifiers together with secure 
content identifiers to generate statistical data whereby con- 
sumer usage and preferences may be tracked. 

In operation, a consumer normally receives, in advance of 
a predetermined premier event date, a storage medium 10
having secured content 28, for instance, a DVD disk con- 
taining a movie production which is encrypted together with 
non-secured (non-encrypted) data 24 including a sample 
trailer and audio/visual instructions explaining particulars 
for access to the encrypted movie. The consumer would 
apply the medium 10 (DVD disk) to the medium reader 12 
and the output 20 thereof would be connected, in this 
particular context, to a television set or monitor of a home 
theater system. The processor 32 of controller 14 forwards 
any non-encrypted video data received from the reader 12, 
without any processing of that data, back to the reader 12
which in turn processes the data stream to generate appro- 
priate analog video signals at its output 20, thereby allowing 
the consumer to access and view the trailer and instructions 
but not the actual movie. If interested in viewing the movie 
production, the consumer indicates this desire to the con- 
troller 14 by depressing an appropriate key on the keypad 36 
which generates a corresponding signal that is received by 
the processor 32. Responsive thereto, the processor 32 first
determines whether an authorization record already exists in 
the list 56 for the identifier 24 provided on the medium 10 
and received from the reader 12. 

Assuming in this instance that authorized access to the 
secured content 28 had not been previously requested and 
granted, the processor 32 utilizes the modem 40 to establish 
a connection through the PSTN 18, by dialing a specific
1-800 number, with the authorization center 16 whereby 
online communication with the server 60 may be effected. 
The processor 32 transmits, via the modem 40, an authori- 
zation request message to the server 60. The authorization 
request message includes the identifier 24 of movie produc- 
tion and the identifier 54 of the consumer which it retrieves, 
via reader/writer 44, from the secure card 42. The server 60
at authorization center 16 utilizes the secured content iden- 
tifier and the consumer identifier included in the authoriza- 
tion request message to retrieve, respectively, the corre- 
sponding control record and consumer account record which 
are stored in the database 62. The server 60 applies the 
amount specified for cost of usage in the control record 
against the consumer's account and where sufficient funds or
credits are present, subsequently generates an authorization 
granted message which the server 60 transmits through the 
PSTN 18 to the controller 14. The authorization granted 
message indicates: the identifier 24 of the secured content 28 
to which access is now authorized; the start date and time at 
which access to the secured content (i.e., unlocking) may be 
enabled; the expiration date and time after which
authorization lapses; the usage limit; and the key K which is
encrypted, for security, by the server 60 under the public key 
of the consumer. Alternatively, the entire content of the 
authorization granted message may be encrypted under the 
consumer's public key. In connection with a premier event, 
the start date and time values are the premier date and time 
values taken from the control record, and the expiration date 
and time values may be calculated from the start values plus 
a time limit offset which may be a predetermined default 
value, for example, twenty-four hours or the limit specified
in the window definition. The usage limit may be any value 
but normally is one for a premier event. For authorizations 
following the premier event, the start date and time values 
would be those current when the authorization request 
message is received in order to allow immediate access to 
the secured content 28, the expiration date and time being 
calculated therefrom using the time limit specified in the
window definition of the control record. The usage limit 
would be that specified in the control record. An alternative 
to specifying the exact date/time of expiration is to instead
specify a window (i.e., period) of time, such as one day or 
one week, during which use is authorized and which window 
is effective beginning on the specified start date. The TOD 
clock 52 may, in this context, be employed as a means to 
measure time by counting down the units of time in the 
window until it is no longer valid. The processor 32 of the 
controller 14 utilizes the secure card 42 to store the contents 
of the received authorization granted message as an autho- 
rization record in the list 56. 

In respect of secured content 28 for which an authoriza- 
tion record does exist in the authorization list 56, the 
processor 32 verifies when access thereto is requested by the 
consumer that such access is to be enabled by comparing the 
current date and time, supplied by TOD clock 52, to the start 
and expiration dates and times specified in the authorization 
record. When the start date and time are later than the 
present parameters, then the processor 32 will not attempt to 
decrypt the secured content 28. When the present date and
time are later than the expiration parameters, again the 
processor 32 will not enable access to the secured content 
and also it will remove, via the reader/writer 44, that 
authorization record from the authorized list 56. 
Alternatively, the processor on board the secure card 46 may 
be programmed to govern issuance of the decrypting keys K_i
only when warranted by verifying the requested access does
comply with the conditions of the authorization record, and
it may monitor for authorization records which lapse to 
automatically delete same. 

When the current date and time are within the start and 
expiration dates and times of the authorization record, the 
processor 32 then proceeds with the decryption process 
whereby the secured content 28 is unlocked. Such involves 
the processor 32 providing a sequence indicator value of one 
to the K_i generator 58 which then initiates generation of
decrypting keys beginning with K_1 that corresponds to
the first block 30 (B_1) of secured content 28 and continues,
unless interrupted by the processor 32, to automatically
generate successive keys thereafter, namely K_2, K_3, etc.,
knowing that the encrypted data blocks 30 are retrieved
sequentially. The generation of decrypting keys K_i requires
the secure card 42 first to decrypt encrypted key K, retrieved
from the authorization record, using the private key 55. The
K_i generator 59 then utilizes the decrypted key K and the
sequence indicator value to generate the successive decrypting
keys K_i, each being provided sequentially to the processor
32 as needed.

The processor 32 continues with the decryption process 
by retrieving, via the medium reader 12, each encrypted data 
block 30 beginning with block B_1 which is stored in
buffer 48 and, via the card reader/writer 44, each decrypting
key K_i beginning with key K_1 which is stored in B_i buffer 48.
Then the processor 32 applies the decryption algorithm 46
together with the key in buffer 48 to the encrypted data
in B_i buffer 50 thereby effecting decryption of that data
block and the decrypted data is provided at output 20. The 
processor 32 repeats these steps for each block 30 of the 
secured content 28. 
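
The block-by-block unlocking described above, as an added example that is not part of the patent. The patent does not say how the K_i generator derives K_i from K and the sequence indicator, nor what decryption algorithm 46 is, so HMAC-SHA256 and a plain XOR are assumptions standing in for both, and K is taken as already decrypted by the secure card.

```python
import hashlib
import hmac

BLOCK = 32  # bytes per data block in this sketch (assumption, matches the digest size)


def block_key(k: bytes, seq: int) -> bytes:
    """K_i from content key K and sequence indicator i (assumed: HMAC-SHA256)."""
    return hmac.new(k, seq.to_bytes(8, "big"), hashlib.sha256).digest()


def xor_block(key_i: bytes, data: bytes) -> bytes:
    """Stand-in for the decryption algorithm: XOR with K_i (its own inverse)."""
    return bytes(d ^ key_i[n] for n, d in enumerate(data))


def key_generator(k: bytes, start: int = 1):
    """K_i generator: yields K_start, K_start+1, ... until the caller stops asking."""
    i = start
    while True:
        yield block_key(k, i)
        i += 1


def lock(k: bytes, plaintext: bytes) -> list:
    """Provider side: split into blocks B_1..B_n and encrypt B_i under K_i."""
    blocks = [plaintext[o:o + BLOCK] for o in range(0, len(plaintext), BLOCK)]
    return [xor_block(block_key(k, i), b) for i, b in enumerate(blocks, start=1)]


def unlock(k: bytes, enc_blocks: list) -> bytes:
    """Controller side: blocks arrive sequentially, each paired with the next K_i."""
    out = bytearray()
    keys = key_generator(k)              # sequence indicator value of one
    for block in enc_blocks:             # data buffer
        key_i = next(keys)               # key buffer
        out += xor_block(key_i, block)   # decrypted data to the output
    return bytes(out)
```

Because each key depends on the sequence indicator, the processor only ever holds K_i values, and a block paired with the wrong index does not decrypt.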

Another embodiment of the apparatus, in accordance with 
the invention, to unlock secured data of a storage medium 
dependent upon timed availability is illustrated in FIG. 3. 
The content of the storage medium 70 includes, as visually
represented by reference 72, control data 74 in addition to 
the content identifier 76, the non-secured data 78 and the 
secured data 79. The control data 74 may comprise premier 
date and time values 80 with associated cost 81, window 
definition parameters specifying a time limit 82, usage limit 
83 and cost 84 subsequent to premier event, and an absolute 
expiration date 85 after which access to the secured content 
will not be granted. Furthermore, in this embodiment of the 
controller 86 the secure card 88 is programmed to provide 
the TOD clock 90 and as well maintain an amount of funds
91 prepaid by the consumer, a list 92 of authorized access
records and a decryption key 93. The amount of prepaid 
funds 91 may be adjusted in return for receiving monetary 
compensation and the particular decryption key 93 updated 
periodically, for instance, by an authorization center (not 
shown) which the consumer may visit for manual updating 
of these values or through an automatic online process. 

To unlock the secured content 88, the processor 94 
provides the content identifier 76 and control data 74, via the 
reader/writer 89, to the secure card 88 which in turn per- 
forms authorization processing. The secure card 88 first 
determines whether an authorization record exists in the list
92 corresponding to the identifier 76. When an authorization
record does not exist, the processor 94 then determines the
start and expiration times/dates based on the TOD clock 90
which together with the usage limit 83 define a new
authorization record that is added to the list 92. The prepaid
funds 91 is decremented by the appropriate amount, either cost
75 or 78 as specified in the control data 74, which is
applicable under the present access context. When the TOD
clock 90 indicates the current date as being subsequent to the
absolute expiration date 85 specified on the storage medium
70, the processor 94 will not authorize access to the secured 
content 79. 

Following determination that an authorization record does
exist or the addition of a new record if not, the secure card
88 next confirms that access to the particular secured content
is valid in respect of the present date and time, responsive to
which it either provides or refuses to provide the decryption
key 93 to the processor 94. Upon receiving the decryption
key 93 from the secure card 88, the processor 94 stores it in
key buffer 95 of local memory 96 and applies it together
with decryption algorithm 97 to the encrypted data received
from the reader 98. The decrypted data is provided to the
medium reader 98 for further processing, if appropriate, and
then made accessible at output 99. The secure card 88
updates the authorization record upon the consumer access- 
ing the secured data and when an authorization record is no 
longer valid, namely when the expiration date has passed or 
the usage limit has been reached, that record is deleted from 
the authorization list 92. 
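
The authorization processing that both embodiments describe (start and expiration window, usage limit, deletion of lapsed records), sketched for the secure card of FIG. 3 as an added example that is not part of the patent. Class and field names, amounts in integer cents, and the rule that a request made before the premier gets the premier date as its start time (taken from the first embodiment) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class ControlData:                 # control data read from the storage medium
    premier: datetime              # premier date and time
    premier_cost: int              # cents
    time_limit: timedelta          # window definition: time limit
    usage_limit: int               # window definition: usage limit
    window_cost: int               # cents, cost subsequent to the premier event
    absolute_expiry: datetime      # no access is granted after this date


class SecureCard:
    def __init__(self, funds, key, clock):
        self.funds = funds         # prepaid funds (cents)
        self.key = key             # decryption key held on the card
        self.clock = clock         # callable standing in for the card's TOD clock
        self.records = {}          # content id -> [start, expires, uses_left]

    def request_key(self, content_id, ctl):
        """Return the decryption key if access is valid now, otherwise None."""
        now = self.clock()
        if now > ctl.absolute_expiry:
            return None                        # never authorize past absolute expiry
        rec = self.records.get(content_id)
        if rec is None:                        # no record yet: charge and create one
            premier_event = now <= ctl.premier
            cost = ctl.premier_cost if premier_event else ctl.window_cost
            if self.funds < cost:
                return None                    # insufficient prepaid funds
            self.funds -= cost
            start = ctl.premier if premier_event else now
            rec = [start, start + ctl.time_limit, ctl.usage_limit]
            self.records[content_id] = rec
        start, expires, _ = rec
        if now < start:
            return None                        # too early: record kept, key withheld
        if now > expires:
            del self.records[content_id]       # lapsed record is deleted
            return None
        rec[2] -= 1                            # meter this use
        if rec[2] == 0:
            del self.records[content_id]       # usage limit reached
        return self.key
```

The key never leaves the card unless every condition holds, so the design stands or falls on the card's clock and record list being out of the consumer's reach.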

Although the above embodiments describe attaching control
conditions to a particular secured content, it should be
apparent to a skilled artisan that a possible variant is to
incorporate a single set of control data into the memory of
the controller whereby the control data may be applied as the
default timed availability conditions to unlocking of all
secured content. Another variant is to build a secure memory
and secure TOD clock directly into the controller as a
substitute to utilizing the combination of a secure card and
card reader/writer. A yet further variant is to have the
consumer manually carry out the authorization request and
grant process by placing a voice call to the authorization
center and interact either with an automated or human
attendant to obtain an authorization code, encoded into
which would be the decryption key and which may then be
entered manually at the controller through the keypad.

Those skilled in the art will recognize that these and other 
modifications and changes could be made to the invention 
without departing from the spirit and scope thereof. It should 
therefore be understood that the claims are not to be con- 
sidered as being limited to the precise embodiments set forth 
above, in the absence of specific limitations directed to each 
embodiment. 
I claim: 

1. A method of controlling access by a user to a data 
content of a storage medium, the data being encrypted, 
comprising the steps of: 

examining an at least three element authorization record 
which comprises the elements of an unencrypted start 
time prior to which decryption is inhibited, a decryp- 
tion key and one of an expiration time or a usage limit, 
wherein the elements define access restrictions; 

measuring time; and 

enabling, responsive to the examination of the access 
restrictions, the decryption of the encrypted data 
whereby the user has access to the data.

2. A method as claimed in claim 1, comprising the steps 
of: 

requesting access to the encrypted data from an authori- 
zation center; and 

receiving authorization which includes a key for the
decryption of the encrypted data. 

3. A method as claimed in claim 2, wherein the step of 
defining the start point in time comprises providing an 
indication of the start point with the authorization. 

4. A method as claimed in claim 2, wherein the step of
defining the start point in time comprises providing an 
indication of the start point on the storage medium. 

5. A method as claimed in claim 2, wherein the access
request includes an identifier of the user and an identifier of 
the encrypted data, and further comprising tracking by the 
authorization center usage of the user. 

6. A method as claimed in claim 1, wherein the step of 
defining the start point in time comprises providing an 
indication of the start point on the storage medium. 

7. A method as claimed in claim 1, comprising the steps
of:

defining an expiration point in time; and

inhibiting, responsive to the measured time effectively
reaching the expiration point, the decryption of the 
encrypted data whereby the user is prevented access to 
the data. 

8. A method as claimed in claim 7, comprising the steps
of:

requesting access to the encrypted data from an authori- 
zation center; and 

receiving authorization which includes a key for the 
decryption of the encrypted data. 

9. A method as claimed in claim 8, wherein the steps of 
defining the start point in time and defining the expiration 
point in time comprise providing an indication of the start 
point and an indication of the expiration point with the 
authorization. 

10. A method as claimed in claim 8, wherein the steps of 
defining the start point in time and defining the expiration 
point in time comprise providing an indication of the start 
point and an indication of the expiration point on the storage 
medium. 

11. A method as claimed in claim 8, wherein the access 
request includes an identifier of the user and an identifier of 
the encrypted data, and further comprising tracking by the 
authorization center usage of the user. 

12. A method as claimed in claim 7, wherein the steps of 
defining the start point in time and the expiration point in 
time comprise providing an indication of the start point and 
an indication of the expiration point on the storage medium. 

13. A method as claimed in claim 7, comprising the steps
of:

defining a usage limit; 
metering usage of the data content; and 
inhibiting, responsive to the metered usage reaching the 
usage limit, the decryption of the encrypted data. 

14. A method as claimed in claim 13, comprising the steps
of:

requesting access to the encrypted data from an authori- 
zation center; and 

receiving authorization which includes a key for the 
decryption of the encrypted data. 

15. A method as claimed in claim 14, wherein the steps of 
defining the start point in time, defining the expiration point 
in time and defining the usage limit comprise providing an 
indication of the start point, an indication of the expiration 
point and an indication of the usage limit with the authori- 
zation. 

16. A method as claimed in claim 14, wherein the steps of 
defining the start point in time, defining the expiration point 
in time and defining the usage limit comprise providing an 
indication of the start point, an indication of the expiration 
point and an indication of the usage limit on the storage 
medium.

17. A method as claimed in claim 14, wherein the access 
request includes an identifier of the user and an identifier of 
the encrypted data, and further comprising tracking by the 
authorization center usage of the user. 

18. A method as claimed in claim 13, wherein the steps of
defining the start point in time, defining the expiration point
in time and defining the usage limit comprise providing an
indication of the start point, an indication of the expiration
point and an indication of the usage limit on the storage
medium. 

19. A method as claimed in claim 2, wherein the step of 
measuring time includes providing secure time clock means 
for measuring time, the time clock means being secure such 
that it can not be altered by the user. 

20. A method as claimed in claim 19, comprising setting 
the secure time clock means by the authorization center. 

21. A method as claimed in claim 20, wherein the secure 
time clock means is password protected. 

22. A method as claimed in claim 2, comprising providing 
a secure device having a time clock means for measuring 
time and a memory in which a key for decryption of the 
encrypted data is stored. 

23. A method as claimed in claim 2, comprising providing 
non-encrypted data on the storage medium, and enabling
access thereto without authorization. 

24. A method of controlling decryption of encrypted data, 
comprising the steps of: 

examining an at least three element authorization record
which comprises the elements of an unencrypted start
time prior to which decryption is inhibited, a decryption
key and one of an expiration time and a usage limit,
wherein the elements define access restrictions;

measuring time; and

enabling the decryption of the encrypted data after the
measured time effectively reaches the start time.

25. A method as claimed in claim 24, comprising the steps
of: 

defining an expiration point in time; and 

inhibiting the decryption of the encrypted data after the
measured time effectively reaches the expiration point. 

26. A method as claimed in claim 24, comprising the steps
of: 

defining a usage limit; 

metering usage of the data content; and

inhibiting the decryption of the encrypted data once the 
metered usage reaches the usage limit. 

27. An apparatus for controlling access by a user to
content of a storage medium, the content including 
encrypted data and the medium being readable by a corre- 
sponding medium reader from which the apparatus is 
adapted to receive the content, comprising: 

means for defining a start time prior to which decryption 
of the encrypted data is inhibited; 

means for storing an at least three element authorization 
record, which authorization record comprises the ele- 
ments of the start time which is unencrypted, a decryp- 
tion key and one of an expiration time or a usage limit, 
wherein the three elements define access restrictions; 

means for measuring time; and 

means for enabling, responsive to the access restrictions, 
the decryption of the encrypted data whereby the user 
has access to the data. 

28. An apparatus as claimed in claim 27, comprising:

means for requesting access to the encrypted data from an
authorization center; and

means for receiving authorization which includes a key
for the decryption of the encrypted data.

29. An apparatus as claimed in claim 28, wherein the
means for defining the start point in time comprises providing
an indication of the start point with the authorization.

30. An apparatus as claimed in claim 28, wherein the
means for defining the start point in time comprises provid- 
ing an indication of the start point on the storage medium. 

31. An apparatus as claimed in claim 27, wherein the 
means for defining the start point in time comprises provid- 
ing an indication of the start point on the storage medium. 

32. An apparatus as claimed in claim 27, comprising:

means for defining an expiration point in time; and

means for inhibiting, responsive to the measured time
effectively reaching the expiration point, the decryption
of the encrypted data whereby the user is prevented 
access to the data. 

33. An apparatus as claimed in claim 32, comprising: 

means for requesting access to the encrypted data from an
authorization center; and

means for receiving authorization which includes a key 
for the decryption of the encrypted data. 

34. An apparatus as claimed in claim 33, wherein the 
means for defining the start point in time and means for 
defining the expiration point in time comprise providing an 
indication of the start point and an indication of the expiration
point with the authorization.

35. An apparatus as claimed in claim 33, wherein the 
means for defining the start point in time and means for
defining the expiration point in time comprise providing an
indication of the start point and an indication of the expi- 
ration point on the storage medium. 

36. An apparatus as claimed in claim 32, wherein the 
means for defining the start point in time and means for
defining the expiration point in time comprise providing an
indication of the start point and an indication of the expi- 
ration point on the storage medium. 

37. An apparatus as claimed in claim 32, comprising:

means for defining a usage limit; 

means for metering usage of the data content; and 

means for inhibiting, responsive to the metered usage
reaching the usage limit, the decryption of the
encrypted data.
